ElasticMS Website Skeleton in Docker containers
To automate the build and testing of this image, we rely on a Makefile that facilitates the construction and testing of a container image for ElasticMS Website Skeleton. The Makefile supports both Docker and Podman with Buildah as options for building and testing the image. Additionally, the Dockerfile used for image creation is templated using m4.
To use this Makefile, you need to have the following installed on your system:
- Docker or Podman with Buildah (for building and managing containers)
- Git (for version control)
- Make (for running the Makefile commands)
- M4 (for generating the Dockerfile from templates)
Make sure to follow the links provided to install the required tools according to your operating system and platform.
- Clone the repository containing the Makefile and navigate to its directory:
  git clone <repository_url>
  cd <repository_directory>
- (Optional) If you want to customize the build process, create a .build.env file in the repository directory. This file can define the following environment variables:
  - ELASTICMS_WEB_VERSION: The version of ElasticMS Website Skeleton to build (default: 5.0.0)
  - DOCKER_IMAGE_NAME: The name of the Docker image to build (default: docker.io/elasticms/website-skeleton)

  Make sure to define these variables in the .build.env file using the KEY=VALUE format.
To use the Makefile, you can run the following commands:
- make build: Build the Docker image for the production (prd) variant of ElasticMS Website Skeleton.
- make build-dev: Build the Docker image for the development (dev) variant of ElasticMS Website Skeleton.
- make build-all: Build Docker images for both the production and development variants of ElasticMS Website Skeleton.
- make test: Test the Docker image for the production (prd) variant of ElasticMS Website Skeleton.
- make test-dev: Test the Docker image for the development (dev) variant of ElasticMS Website Skeleton.
- make test-all: Test Docker images for both the production and development variants of ElasticMS Website Skeleton.
- make Dockerfile: Generate the Dockerfile from the provided templates.

You can also run make help to see a list of available commands.
Note: By default, the Makefile uses Docker as the container engine. If you want to use Podman with Buildah instead, you have two options:
- Set the CONTAINER_ENGINE variable in the .build.env file. Create a .build.env file in the repository directory and define CONTAINER_ENGINE=podman in the file.
- Set the CONTAINER_ENGINE environment variable directly when running the Makefile commands:
  make build CONTAINER_ENGINE=podman

Using an environment variable allows you to dynamically switch between Docker and Podman with Buildah without modifying the .build.env file.
Additionally, if you are using Podman as the container engine, you can specify the CONTAINER_TARGET_IMAGE_FORMAT environment variable to choose the image format. By default, the image format is Docker. To create the image in the OCI format, use the following command:
make build CONTAINER_ENGINE=podman CONTAINER_TARGET_IMAGE_FORMAT=oci
To customize the Docker image name and ElasticMS Website Skeleton version, you have two options:
- Set the DOCKER_IMAGE_NAME and ELASTICMS_WEB_VERSION variables in the .build.env file. Create a .build.env file in the repository directory and define the desired values for these variables.
- Set the DOCKER_IMAGE_NAME and ELASTICMS_WEB_VERSION environment variables directly when running the Makefile commands:
  make build DOCKER_IMAGE_NAME=my-custom-image ELASTICMS_WEB_VERSION=6.0.0

Setting these variables allows you to customize the image name and ElasticMS Website Skeleton version without modifying the .build.env file.
Please ensure that you have the necessary dependencies installed as mentioned earlier in the documentation.
If you want to customize the build process further, you can modify the .build.env file to set the desired values for the environment variables mentioned earlier. Additionally, you can modify the Dockerfile templates located in the Dockerfiles directory. The Makefile uses m4 to generate the final Dockerfile from the templates.
To regenerate the Dockerfile after modifying the templates, run the following command:
make Dockerfile
The Makefile uses Bats (Bash Automated Testing System) to test the Docker images. The test cases are defined in the test/tests.bats file. Before running the tests, make sure you have the following dependencies installed:
- Bats: Bats is a TAP-compliant testing framework for Bash. Install Bats by following the instructions in the Bats documentation.
- AWS CLI: The AWS CLI is required to execute certain tests. Install the AWS CLI by following the instructions in the AWS CLI user guide.
- npm: npm is the package manager for JavaScript. Install npm by following the instructions in the npm documentation.
- gettext: gettext is a package that provides internationalization (i18n) support. Install gettext by following the instructions for your specific operating system.
- Docker: If you're using Docker as the container engine, you need to have Docker installed. Follow the instructions in the Docker documentation to install Docker.
- Docker Compose: Docker Compose is required for certain tests that use Docker Compose functionality. Install Docker Compose by following the instructions in the Docker Compose documentation.
- Podman (with Podman Compose): If you're using Podman as the container engine, you need to have Podman and Podman Compose installed. Install Podman by following the instructions in the Podman documentation. Install Podman Compose by following the instructions in the Podman Compose documentation.
To run the tests, make sure to configure the desired container engine (Docker or Podman) using the CONTAINER_ENGINE environment variable. The Makefile will execute the tests accordingly.
To run the tests, use the following commands:
- make test: Test the Docker image for the production (prd) variant of ElasticMS Website Skeleton using the configured container engine.
- make test-dev: Test the Docker image for the development (dev) variant of ElasticMS Website Skeleton using the configured container engine.
- make test-all: Test Docker images for both the production and development variants of ElasticMS Website Skeleton using the configured container engine.
You can also specify the DOCKER_IMAGE_NAME and ELASTICMS_WEB_VERSION variables to customize the image name and version used for testing. For example:
make test DOCKER_IMAGE_NAME=my-custom-image ELASTICMS_WEB_VERSION=6.0.0 CONTAINER_ENGINE=podman
The Bats test suite includes multiple test cases that validate the functionality and behavior of the ElasticMS Website Skeleton container image. It covers various aspects of the image, including its configuration, dependencies, and expected output. The test suite ensures the integrity and correctness of the container image.
Releases are done via GitHub Actions and uploaded to Docker Hub.
The elasticms/admin images come in many flavors, each designed for a specific use case.
This variant contains the ElasticMS Web installed in a Production PHP environment.
This variant contains the ElasticMS Web installed in a Development PHP environment.
Variable Name | Description | Default | Example |
---|---|---|---|
APACHE_ACCESS_CONTROL_ALLOW_ORIGIN | Enable CORS (Cross-Origin Resource Sharing) authorization Apache Header. | - | *.example.com |
APACHE_ACCESS_CONTROL_ALLOW_METHODS | Enable CORS (Cross-Origin Resource Sharing) allowed methods Apache Header (applied only when ALLOW_ORIGIN is present). | GET | GET |
APACHE_ACCESS_CONTROL_ALLOW_HEADERS | Enable CORS (Cross-Origin Resource Sharing) allowed headers Apache Header (applied only when ALLOW_ORIGIN is present). | application/json | * |
APACHE_CACHE_CONTROL | Define the Cache-Control Apache Header for static files served directly by Apache (i.e. from bundles and asset archives). | max-age=86400, public | immutable, max-age=31536000, public |
PUID | Define the user identifier | 1001 | 1000 |
APACHE_CUSTOM_ASSETS_RC | Rewrite condition that prevents requests from being handled by PHP, typically bundles or assets | ^\"+.alias+\"/bundles | /bundles/ |
APACHE_X_FRAME_OPTIONS | The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. | SAMEORIGIN | DENY |
APACHE_X_XSS_PROTECTION | The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. | 1 | 1; mode=block , 0 |
APACHE_X_CONTENT_TYPE_OPTIONS | The X-Content-Type-Options response HTTP header is a marker used by the server to indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed. | nosniff | |
APACHE_STRICT_TRANSPORT_SECURITY | HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. | N/A | max-age=31536000; includeSubDomains |
APACHE_CONTENT_SECURITY_POLICY | Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets. | N/A | default-src https: , default-src 'self'; script-src 'self' cdnjs.cloudflare.com static.cloudflareinsights.com; img-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com; form-action 'self'; report-uri https://scotthelme.report-uri.com/r/d/csp/enforce; report-to default |
APACHE_REFERRER_POLICY | Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites. | N/A | no-referrer-when-downgrade , Strict-origin-when-cross-origi |
APACHE_PERMISSIONS_POLICY | Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser. | N/A | accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=() |
You can test your security headers at Security Headers.
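An offline counterpart to that check, as an added example that is not part of the project's own tooling: the script reads a captured response header block (for instance the output of curl -sI) and lists which security headers from the table are absent. The sample response is constructed and assumes that a default of N/A means the header is not sent; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check a captured response against the header table above.

# Response headers controlled by the APACHE_* variables in the table.
EXPECTED_HEADERS="X-Frame-Options
X-XSS-Protection
X-Content-Type-Options
Strict-Transport-Security
Content-Security-Policy
Referrer-Policy
Permissions-Policy"

# Print the value of header $1 found in header block $2 (nothing if absent).
# Header names are case-insensitive; the CR of HTTP line endings is dropped.
header_value() {
    printf '%s\n' "$2" | tr -d '\r' | awk -v want="$1" '
        BEGIN { want = tolower(want) }
        {
            i = index($0, ":")
            if (i == 0) next                      # status line, blank line
            if (tolower(substr($0, 1, i - 1)) == want) {
                val = substr($0, i + 1)
                sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
                print val
                exit
            }
        }'
}

# Print, one per line, every expected header that is absent from block $1.
missing_security_headers() {
    printf '%s\n' "$EXPECTED_HEADERS" | while IFS= read -r h; do
        [ -n "$(header_value "$h" "$1")" ] || printf '%s\n' "$h"
    done
}

# Constructed sample: a response from a container started with only the
# table defaults (assumption: "N/A" defaults produce no header at all).
SAMPLE_RESPONSE='HTTP/1.1 200 OK
x-frame-options: SAMEORIGIN
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Cache-Control: max-age=86400, public'

missing_security_headers "$SAMPLE_RESPONSE"
```

Against a running container, pass "$(curl -sI <url>)" as the argument instead of the sample.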
TODO
VCL Specific env vars.
Variable Name | Description | Default |
---|---|---|
VARNISH_VCL_BACKEND_PROBE_REQUEST_HTTP_METHOD_CUSTOM | doc | HEAD |
VARNISH_VCL_BACKEND_PROBE_REQUEST_HTTP_URI_CUSTOM | doc | /index.php?varnish |
VARNISH_VCL_BACKEND_PROBE_REQUEST_HTTP_VERSION_CUSTOM | doc | HTTP/1.1 |
VARNISH_VCL_BACKEND_PROBE_REQUEST_HOST_CUSTOM | doc | default.localhost |
VARNISH_VCL_BACKEND_PROBE_TIMEOUT_CUSTOM | doc | 1s |
VARNISH_VCL_BACKEND_PROBE_INTERVAL_CUSTOM | doc | 5s |
VARNISH_VCL_BACKEND_PROBE_WINDOW_CUSTOM | doc | 5 |
VARNISH_VCL_BACKEND_PROBE_THRESHOLD_CUSTOM | doc | 3 |
VARNISH_VCL_RECV_REQUEST_X_FORWARDED_PROTO_HEADER_NAME_CUSTOM | doc | X-Forwarded-Proto |
VARNISH_VCL_BACKEND_RESPONSE_TTL_CUSTOM | doc | 10s |
VARNISH_VCL_BACKEND_RESPONSE_GRACE_CUSTOM | doc | 24h |
Return WebSite Skeleton Prometheus metrics.
Variable Name | Description | Default |
---|---|---|
METRICS_ENABLED | Add metrics dedicated vhost running on a specific port (9090). | empty |
METRICS_VHOST_SERVER_NAME | Apache ServerName directive used for dedicated vhost. | $(hostname -i) |
- paths:
  - /opt/(configs|secrets) -> /app/config/elasticms -> no more distinction between secrets and configmaps
  - /opt/src -> /app/src/elasticms
  - /opt/bin -> /app/sbin (dynamically created scripts, could perhaps be a volume)
  - /tmp -> /app/tmp/elasticms.d
  - /var/lib/ems -> deleted
- use of non-prefixed environment variables in the scripts
  - METRICS_ENABLED vs EMS_METRIC_ENABLED
- rename variables
  METRICS_VHOST_SERVER_NAME_CUSTOM -> METRICS_VHOST_SERVER_NAME
  ENVIRONMENT_ALIAS -> APACHE_ENVIRONMENT_ALIAS
- new variables
  export APP_BIN_DIR="/app/sbin"
  export APP_SRC_DIR="/app/src/elasticms"
  export APP_TMP_DIR="${TMPDIR}"
  export APP_CONFIG_DIR="${APP_TMP_DIR}/elasticms.d"
  export APP_CACHE_DIR="/app/var/cache/elasticms"
  export APP_LOG_DIR="/app/var/log/elasticms"
  export APACHE_PUBLIC_DIR="${APP_SRC_DIR}/public"
  export APACHE_ASSETS_DIR="${APACHE_PUBLIC_DIR}/bundles"
HTPASSWD_FILE
true
APP_PUBLIC_DIR APP_ASSETS_DIR
- use gtpl instead of tmpl to avoid the base image's standard gomplate processing. The templates use variables that are read later (in the ems config files)